Incident ResponderGet Started With Incident Responder


Integrate Incident Responder with a service to run actions and playbooks.

A service is a third-party product or vendor you integrate with Incident Responder to run actions and playbooks. This service is usually one your organization already uses, like Cisco Threatgrid or Palo Alto Networks Wildfire. Instead of leaving Incident Responder to use these services, integrate them so you access them in one location.

You configure each service differently. Once you configure a service, you can edit or disable it.Edit a Service You ConfiguredEdit a Service You ConfiguredDisable a ServiceDisable a Service

If you don't want to purchase additional services from third parties, you can use Exabeam's in-house service, Exabeam Actions. It is free to use and available out of the box. You can also upload a custom service. This custom service can be one you developed from scratch or one that customizes an out-of-the-box third-party service.Upload a Custom ServiceUpload a Custom Service

If you use a third-party service we don't yet support, contact your Sales Representative to request it.

Exabeam Actions Service

Get started using basic actions with the Exabeam Actions service.

Exabeam Actions is an in-house service that is free to use and available out-of-the-box. With the Exabeam Actions service, you can start using actions or playbooks, like turnkey playbooks, without purchasing additional services from third parties.Turnkey Playbooks

The service supports basic actions, including:

To assess the reputation of an entity, Exabeam Actions searches across various sources, like threat feeds and IP reputation lists, for evidence that the entity may be risky. Then, it compares the evidence against a set of conditions. Depending on which conditions the evidence matches, Exabeam Actions assigns the entity a severity level between 0 and 99. If the entity has a severity level of 50 and above, Exabeam Actions considers the entity to have a malicious reputation.